<?php
/**
 * 
 * Permissions model
 * 
 * Operates only on class name (app) and action pairs.
 * 
 * @category Abovo
 * 
 * @package Abovo_Model_Perms
 * 
 * @author Antti Holvikari <anttih@gmail.com>
 * 
 * @license http://opensource.org/licenses/gpl-license.php GPL
 * 
 */

/**
 * 
 * Permissions model
 * 
 * @category Abovo
 * 
 * @package Abovo_Model_Perms
 * 
 * @author Antti Holvikari <anttih@gmail.com>
 * 
 */
class Abovo_Model_Perms extends Abovo_Sql_Table {
    
    /**
     * 
     * Fetches apps and their actions for user handle
     * 
     * Fetches a list of allowed apps and their actions for
     * user handle.
     * 
     * @param string $handle User handle
     * 
     * @return Assoc array with keys `class`, `action`.
     * 
     */
    public function fetchAllByHandle($handle)
    {
        $sel = Solar::factory('Solar_Sql_Select');
        
        $sel->from($this->_name, array('class_name as class', 'act as action'))
            ->where('flag = ?', 'allow')
            ->where('handle = ?', (string) $handle)
            ->where('type = ?', 'handle')
            ->order('class_name');
        
        return $sel->fetch('all');
    }
    
    /**
     * 
     * Refreshes permissions for a user handle
     * 
     * @param string $handle User handle
     * 
     * @param array $perms Permissions as an assoc array
     * with keys: `class`, `action`.
     * 
     * @return void
     * 
     */
    public function refresh($handle, $perms)
    {
        // delete all for this handle
        $this->delete(array('handle = ?' => $handle));
        
        foreach ($perms as $one) {
            $this->grant($handle, $one['class'], $one['action']);
        }
    }
    
    /**
     * 
     * Grant permissions for a user
     * 
     * @param string $handle User handle
     * 
     * @param string $app Application class name
     * 
     * @param string $action Action name
     * 
     * @return bool
     * 
     */
    public function grant($handle, $app, $action)
    {
        return (bool) $this->insert(array(
            'flag'       => 'allow',
            'type'       => 'handle',
            'handle'     => (string) $handle,
            'class_name' => (string) $app,
            'act'        => (string) $action,
            'process'    => '*',
        ));
    }
    
    /**
     * Set up table schema and indices
     *
     * @return void
     */
    protected function _setup()
    {
        // Table name
        $this->_name = 'perms';
        
        // ----------------------------
        // Table schema
        //
        
        $this->_col['id'] = array(
            'type'    => 'int',
            'primary' => true,
            'autoinc' => true,
            'require' => true,
        );
        
        // create timestamp
        $this->_col['created'] = array(
            'type'     => 'timestamp',
            'require'  => true,
        );
        
        // update timestamp
        $this->_col['updated'] = array(
            'type'     => 'timestamp',
            'require'  => true,
        );
        
        // 'allow' or 'deny'
        $this->_col['flag'] = array(
            'type' => 'varchar',
            'size' => 10,
        );
        
        // 'role' or 'handle'
        $this->_col['type'] = array(
            'type' => 'varchar',
            'size' => 10
        );
        
        $this->_col['handle'] = array(
            'type'    => 'varchar',
            'size'    => 15,
            'require' => true,
        );
        
        $this->_col['class_name'] = array(
            'type' => 'varchar',
            'size' => 100,
        );
        
        $this->_col['act'] = array(
            'type' => 'varchar',
            'size' => 50,
        );
        
        $this->_col['process'] = array(
            'type' => 'varchar',
            'size' => 20,
        );
        
        // Make sure sql is available
        if (! Solar::isRegistered('sql')) {
            Solar::register('sql', Solar::factory('Solar_Sql'));
        }
    }
}
